Veracode Vulnerability DatabaseVERACODE:43786Denial Of Service (DoS) Through Infinite Loop
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.0004 Low
EPSS
Percentile
5.1%
libX11.so is vulnerable to Denial of Service (DoS). The vulnerability is due to incorrect calculation of SubImageWidth in the PutSubImage function when communicating with an X server which creates oversized requests. This miscalculation triggers an infinite loop, potentially leading to a Denial of Service.
References
www.openwall.com/lists/oss-security/2024/01/24/9
access.redhat.com/errata/RHSA-2024:2145
access.redhat.com/errata/RHSA-2024:2973
access.redhat.com/security/cve/CVE-2023-43786
bugzilla.redhat.com/show_bug.cgi?id=2242253
gitlab.freedesktop.org/xorg/lib/libx11/-/commit/204c3393c4c90a29ed6bef64e43849536e863a86
lists.fedoraproject.org/archives/list/[email protected]/message/63IBRFLQVZSMOAZBZOBKFWJP26ILRAGQ/
security.netapp.com/advisory/ntap-20231103-0006/
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.0004 Low
EPSS
Percentile
5.1%